Possible security template issue

[mpsmith]

Im creating an automated CD for use at my office, and being a federal network it requires a security template. I searched the forums and couldnt find anything on when to use them, but I was just testing my CD and windows stopped installing at T-12min. I think this may be because it applied the template, but Im not sure/cant check since it stopped the installation. It didnt freeze... it just stopped. Does anyone know if this [may have] caused the problem? If so, does anyone know when a good time to apply the template? Thanks.

[Yzöwl]

What method are you using to deploy the template?

Without more information I think it's going to be difficult for anyonr to come up with a reason.

[mpsmith]

Good point.

Im using runonceex. The template is the last command executed:

secedit.exe /configure /cfg %CDROM%\USGS\install\security\usgs_sec_xp_091104.STIG.inf /db c:\windows\security\database\usgs_sec_wxpws.sdb /overwrite /log c:\windows\security\usgs_sec_wxpws.log

[Yzöwl]

If using a runonceex.cmd, mine would probably look something like this:

REG ADD %KEY%\075 /VE /D "Applying Security Template" /f
REG ADD %KEY%\075 /V 1 /D "%SystemRoot%\system32\cmd /c copy \"\"%SystemRoot%\security\Database\secedit.sdb\"\" \"\"%SystemRoot%\security\Database\WinXPPro.sdb\"\"" /f
REG ADD %KEY%\075 /V 2 /D "%SystemRoot%\system32\cmd /c copy \"\"%SystemDrive%\install\Security\WinXPPro.inf\"\" \"\"%SystemRoot%\security\templates\\"\"" /f
REG ADD %KEY%\075 /V 3 /D "%SystemRoot%\system32\secedit /configure /db \"\"%SystemRoot%\security\Database\WinXPPro.sdb\"\" /cfg \"\"%SystemRoot%\security\templates\WinXPPro.inf\"\" /overwrite /log \"\"%SystemRoot%\Temp\securcfg.log\"\" /quiet" /f

As you can see, it's very messy, it's only supposed to be on four lines, and very easy to get wrong due to all the quotation marks.

My method would be to copy the existing secedit.sdb file to a new WinXPPro.sdb, then copy my own WinXPPro.inf, then run the SECEDIT over the two.

Hope this helps you out.